Deployment Architecture

Monitoring Console in Distributed search topology

chintan_shah
Path Finder

I have one instance which run as Search Head and other instance as Indexer. I wanted to know where should i setup Monitoring Console so that i can monitor the performance of search peers? If i try to setup distributed mode on my search head, its give me warning "Do not configure the DMC in distributed mode if this is a production search head. Doing so can change the behavior of all searches on this instance. This is dangerous and unsupported.
If you want to configure the DMC in distributed mode, you must locate the DMC on an instance that is not a production search head."

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi @chintan_shah,

Based on http://docs.splunk.com/Documentation/Splunk/7.0.0/DMC/WheretohostDMC, you require dedicated search head to run Monitoring Console, do not configure Monitoring Console on production search head.

I hope this helps.

Thanks,
Harshil

0 Karma

skirven
Communicator

Hi! I have a follow on question to this. Looking at the current 7.3.1 documentation at https://docs.splunk.com/Documentation/Splunk/7.3.1/DMC/Addinstancesassearchpeers, we have:
1) A Cluster Master
2) A License Master (Small install)
3) 36 Indexers
4) 16 Search Heads

I want to run the DMC on a totally separate installation. Looking at this statement, it gives me pause. "If you are monitoring an indexer cluster and you are hosting the monitoring console on an instance other than the cluster master, you must add the cluster master as a search peer and you must configure the monitoring console instance as a search-head in that cluster"

Is this stating that I need to configure the DMC server as a SH inside the existing SH Cluster? Does this also mean it gets the same bundle replication from the Master Node? I don't want any production dependencies on the server. I don't mind treating it like Production, but I don't want any actual production searches, etc to be running on it?

I know there's the switch you flip on the DMC to put it in Distributed, and perhaps it's just a situation where it's running in this "Production" state until that switch is flipped?
Thanks!
Stephen

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

No, you do not need to add that DMC SH in SH Cluster, that will be standalone SH & dedicated for DMC.

When you point standalone SH to cluster master, it will automatically populates all Indexers from cluster master so you do not need to add Clustered Indexers in DMC as search peers.

I didn't get your last question.

PS: It will be good to open new question and refer this question in your question.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...